diff options
| author | Pavel Vinogradov | 2019-04-04 15:10:26 -0400 |
|---|---|---|
| committer | Pavel Vinogradov | 2019-04-04 15:10:26 -0400 |
| commit | a144fd21c852fe5d84a8be70c0763079baffadf5 (patch) | |
| tree | 759428c7e1e724b4b1b71d15715f8eca148254a2 /printer | |
| parent | 4b3e95d426af63f4428f6f6627e28d5089265caf (diff) | |
printer/ghostscript: version 9.27
Diffstat (limited to 'printer')
| -rwxr-xr-x | printer/ghostscript/DETAILS | 4 | ||||
| -rw-r--r-- | printer/ghostscript/HISTORY | 4 | ||||
| -rw-r--r-- | printer/ghostscript/patches/0001-cve-2019-6116.patch | 166 | ||||
| -rw-r--r-- | printer/ghostscript/patches/0002-cve-2019-6116.patch | 421 | ||||
| -rw-r--r-- | printer/ghostscript/patches/0003-cve-2019-6116.patch | 24 | ||||
| -rw-r--r-- | printer/ghostscript/patches/0004-cve-2019-6116.patch | 126 | ||||
| -rw-r--r-- | printer/ghostscript/patches/0005-cve-2019-6116.patch | 589 | ||||
| -rw-r--r-- | printer/ghostscript/patches/0006-cve-2019-6116.patch | 333 | ||||
| -rw-r--r-- | printer/ghostscript/patches/0007-cve-2019-3835-3838.patch | 270 | ||||
| -rw-r--r-- | printer/ghostscript/patches/0008-cve-2019-3835-3838.patch | 162 |
10 files changed, 6 insertions, 2093 deletions
diff --git a/printer/ghostscript/DETAILS b/printer/ghostscript/DETAILS index ed84b33023..642acc8a03 100755 --- a/printer/ghostscript/DETAILS +++ b/printer/ghostscript/DETAILS @@ -1,6 +1,6 @@ SPELL=ghostscript - VERSION=9.26 - SOURCE_HASH="sha512:3ddb83029edf32282357bf606f4045a9ac73df6543cd423cfad09158ec12ada083a0dbb5aac3b73ae24cbc6c1e9d7574257a5c1fae63ba8776fbb00150ef2a3e:UPSTREAM_HASH" + VERSION=9.27 + SOURCE_HASH="sha512:5e67ad45a80f01c6ef0eabb1c76dfa8fb6e7f0fde8d82fd5daaf12f370c288a672f8fa69c74d9e30255582267e9a906e4e8b13655f8d993fefdfc8dbdb5d5401:UPSTREAM_HASH" SECURITY_PATCH=7 SOURCE=$SPELL-$VERSION.tar.xz SOURCE_DIRECTORY="$BUILD_DIRECTORY/$SPELL-$VERSION" diff --git a/printer/ghostscript/HISTORY b/printer/ghostscript/HISTORY index 333c3ab224..58b8be2d93 100644 --- a/printer/ghostscript/HISTORY +++ b/printer/ghostscript/HISTORY @@ -1,3 +1,7 @@ +2019-04-04 Pavel Vinogradov <public@sourcemage.org> + * DETAILS: version 9.27 + * patches/*: deleted + 2019-03-22 Pavel Vinogradov <public@sourcemage.org> * DETAILS. patches/000{7,8}-cve-2019-3835-3838.patch: SECURITY_PATCH++, (CVE-2019-3835 and CVE-2019-3838) diff --git a/printer/ghostscript/patches/0001-cve-2019-6116.patch b/printer/ghostscript/patches/0001-cve-2019-6116.patch deleted file mode 100644 index 4a196133b3..0000000000 --- a/printer/ghostscript/patches/0001-cve-2019-6116.patch +++ /dev/null @@ -1,166 +0,0 @@ -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 5 Dec 2018 12:22:13 +0000 (+0000) -Subject: Sanitize op stack for error conditions -X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=13b0a36f8181db66a91bcc8cea139998b53a8996 - -Sanitize op stack for error conditions - -We save the stacks to an array and store the array for the error handler to -access. - -For SAFER, we traverse the array, and deep copy any op arrays (procedures). As -we make these copies, we check for operators that do *not* exist in systemdict, -when we find one, we replace the operator with a name object (of the form -"/--opname--"). ---- - -diff --git a/psi/int.mak b/psi/int.mak -index 81bc59d..5dfb66c 100644 ---- a/psi/int.mak -+++ b/psi/int.mak -@@ -203,7 +203,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\ - $(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\ - $(ierrors_h) $(gsstruct_h) $(gsutil_h)\ - $(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\ -- $(store_h) $(INT_MAK) $(MAKEDIRS) -+ $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \ -+ $(INT_MAK) $(MAKEDIRS) - $(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c - - $(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h) $(string__h)\ -diff --git a/psi/interp.c b/psi/interp.c -index 16cce23..68f977c 100644 ---- a/psi/interp.c -+++ b/psi/interp.c -@@ -797,6 +797,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) - uint size = ref_stack_count(pstack) - skip; - uint save_space = ialloc_space(idmemory); - int code, i; -+ ref *safety, *safe; - - if (size > 65535) - size = 65535; -@@ -814,6 +815,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) - make_null(&arr->value.refs[i]); - } - } -+ if (pstack == &o_stack && dict_find_string(systemdict, "SAFETY", &safety) > 0 && -+ dict_find_string(safety, "safe", &safe) > 0 && r_has_type(safe, t_boolean) && -+ safe->value.boolval == true) { -+ code = ref_stack_array_sanitize(i_ctx_p, arr, arr); -+ if (code < 0) -+ return code; -+ } - ialloc_set_space(idmemory, save_space); - return code; - } -diff --git a/psi/istack.c b/psi/istack.c -index 2c030f8..1bfcde4 100644 ---- a/psi/istack.c -+++ b/psi/istack.c -@@ -27,6 +27,10 @@ - #include "iutil.h" - #include "ivmspace.h" /* for local/global test */ - #include "store.h" -+#include "icstate.h" -+#include "iname.h" -+#include "dstack.h" -+#include "idict.h" - - /* Forward references */ - static void init_block(ref_stack_t *pstack, const ref *pblock_array, -@@ -294,6 +298,80 @@ ref_stack_store_check(const ref_stack_t *pstack, ref *parray, uint count, - return 0; - } - -+int -+ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr) -+{ -+ int i, code; -+ ref obj, arr2; -+ ref *pobj2; -+ gs_memory_t *mem = (gs_memory_t *)idmemory->current; -+ -+ if (!r_is_array(sarr) || !r_has_type(darr, t_array)) -+ return_error(gs_error_typecheck); -+ -+ for (i = 0; i < r_size(sarr); i++) { -+ code = array_get(mem, sarr, i, &obj); -+ if (code < 0) -+ make_null(&obj); -+ switch(r_type(&obj)) { -+ case t_operator: -+ { -+ int index = op_index(&obj); -+ -+ if (index > 0 && index < op_def_count) { -+ const byte *data = (const byte *)(op_index_def(index)->oname + 1); -+ if (dict_find_string(systemdict, (const char *)data, &pobj2) <= 0) { -+ byte *s = gs_alloc_bytes(mem, strlen((char *)data) + 5, "ref_stack_array_sanitize"); -+ if (s) { -+ s[0] = '\0'; -+ strcpy((char *)s, "--"); -+ strcpy((char *)s + 2, (char *)data); -+ strcpy((char *)s + strlen((char *)data) + 2, "--"); -+ } -+ else { -+ s = (byte *)data; -+ } -+ code = name_ref(imemory, s, strlen((char *)s), &obj, 1); -+ if (code < 0) make_null(&obj); -+ if (s != data) -+ gs_free_object(mem, s, "ref_stack_array_sanitize"); -+ } -+ } -+ else { -+ make_null(&obj); -+ } -+ ref_assign(darr->value.refs + i, &obj); -+ break; -+ } -+ case t_array: -+ case t_shortarray: -+ case t_mixedarray: -+ { -+ int attrs = r_type_attrs(&obj) & (a_write | a_read | a_execute | a_executable); -+ /* We only want to copy executable arrays */ -+ if (attrs & (a_execute | a_executable)) { -+ code = ialloc_ref_array(&arr2, attrs, r_size(&obj), "ref_stack_array_sanitize"); -+ if (code < 0) { -+ make_null(&arr2); -+ } -+ else { -+ code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2); -+ } -+ ref_assign(darr->value.refs + i, &arr2); -+ } -+ else { -+ ref_assign(darr->value.refs + i, &obj); -+ } -+ break; -+ } -+ default: -+ ref_assign(darr->value.refs + i, &obj); -+ } -+ } -+ return 0; -+} -+ -+ - /* - * Store the top 'count' elements of a stack, starting 'skip' elements below - * the top, into an array, with or without store/undo checking. age=-1 for -diff --git a/psi/istack.h b/psi/istack.h -index 4619a3b..7c33844 100644 ---- a/psi/istack.h -+++ b/psi/istack.h -@@ -125,6 +125,9 @@ int ref_stack_store(const ref_stack_t *pstack, ref *parray, uint count, - uint skip, int age, bool check, - gs_dual_memory_t *idmem, client_name_t cname); - -+int -+ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr); -+ - /* - * Pop the top N elements off a stack. - * The number must not exceed the number of elements in use. diff --git a/printer/ghostscript/patches/0002-cve-2019-6116.patch b/printer/ghostscript/patches/0002-cve-2019-6116.patch deleted file mode 100644 index 7dc657992d..0000000000 --- a/printer/ghostscript/patches/0002-cve-2019-6116.patch +++ /dev/null @@ -1,421 +0,0 @@ -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 13 Dec 2018 15:28:34 +0000 (+0000) -Subject: Any transient procedures that call .force* operators -X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=2db98f9c66135601efb103d8db7d020a672308db - -Any transient procedures that call .force* operators - -(i.e. for conditionals or loops) make them executeonly. ---- - -diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps -index da3add7..d3872d6 100644 ---- a/Resource/Init/gs_diskn.ps -+++ b/Resource/Init/gs_diskn.ps -@@ -51,7 +51,7 @@ systemdict begin - mark 5 1 roll ] mark exch { { } forall } forall ] - //systemdict /.searchabledevs 2 index .forceput - exch .setglobal -- } -+ } executeonly - if - } .bind executeonly odef % must be bound and hidden for .forceput - -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index 63948f4..947d281 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -78,7 +78,7 @@ level2dict begin - .currentglobal - { % Current mode is global; delete from local directory too. - //systemdict /LocalFontDirectory .knownget -- { 1 index .forceundef } % LocalFontDirectory is readonly -+ { 1 index .forceundef } executeonly % LocalFontDirectory is readonly - if - } - { % Current mode is local; if there was a shadowed global -@@ -126,7 +126,7 @@ level2dict begin - } - ifelse - } forall -- pop counttomark 2 idiv { .forceundef } repeat pop % readonly -+ pop counttomark 2 idiv { .forceundef } executeonly repeat pop % readonly - } - if - //SharedFontDirectory exch .forcecopynew pop -diff --git a/Resource/Init/gs_fntem.ps b/Resource/Init/gs_fntem.ps -index 9b579fd..196c864 100644 ---- a/Resource/Init/gs_fntem.ps -+++ b/Resource/Init/gs_fntem.ps -@@ -401,12 +401,12 @@ currentdict end def - .forceput % FontInfo can be read-only. - pop % bool <font> - exit -- } if -+ } executeonly if - dup /FontInfo get % bool <font> <FI> - /GlyphNames2Unicode /Unicode /Decoding findresource - .forceput % FontInfo can be read-only. - exit -- } loop -+ } executeonly loop - exch setglobal - } .bind executeonly odef % must be bound and hidden for .forceput - -diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps -index 4cf23f8..ee3275f 100644 ---- a/Resource/Init/gs_fonts.ps -+++ b/Resource/Init/gs_fonts.ps -@@ -374,7 +374,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - /.setnativefontmapbuilt { % set whether we've been run - dup type /booleantype eq { - systemdict exch /.nativefontmapbuilt exch .forceput -- } -+ } executeonly - {pop} - ifelse - } .bind executeonly odef -@@ -1007,11 +1007,11 @@ $error /SubstituteFont { } put - { 2 index gcheck currentglobal - 2 copy eq { - pop pop .forceput -- } { -+ } executeonly { - 5 1 roll setglobal - dup length string copy - .forceput setglobal -- } ifelse -+ } executeonly ifelse - } .bind executeonly odef % must be bound and hidden for .forceput - - % Attempt to load a font from a file. -@@ -1084,7 +1084,7 @@ $error /SubstituteFont { } put - .FontDirectory 3 index .forceundef % readonly - 1 index (r) file .loadfont .FontDirectory exch - /.setglobal .systemvar exec -- } -+ } executeonly - { .loadfont .FontDirectory - } - ifelse -@@ -1105,7 +1105,7 @@ $error /SubstituteFont { } put - dup 3 index .fontknownget - { dup /PathLoad 4 index //.putgstringcopy - 4 1 roll pop pop pop //true exit -- } if -+ } executeonly if - - % Maybe the file had a different FontName. - % See if we can get a FontName from the file, and if so, -@@ -1134,7 +1134,7 @@ $error /SubstituteFont { } put - ifelse % Stack: origfontname fontdict - exch pop //true exit - % Stack: fontdict -- } -+ } executeonly - if pop % Stack: origfontname fontdirectory path - } - if pop pop % Stack: origfontname -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index 65ab5c0..e4902a5 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2386,7 +2386,7 @@ SAFER { .setsafeglobal } if - % Update the copy of the user parameters. - mark .currentuserparams counttomark 2 idiv { - userparams 3 1 roll .forceput % userparams is read-only -- } repeat pop -+ } executeonly repeat pop - % Turn on idiom recognition, if available. - currentuserparams /IdiomRecognition known { - /IdiomRecognition //true .definepsuserparam -@@ -2405,7 +2405,7 @@ SAFER { .setsafeglobal } if - % Remove real system params from pssystemparams. - mark .currentsystemparams counttomark 2 idiv { - pop pssystemparams exch .forceundef -- } repeat pop -+ } executeonly repeat pop - } if - - % Set up AlignToPixels : -diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps -index 577c20b..5c8ac11 100644 ---- a/Resource/Init/gs_lev2.ps -+++ b/Resource/Init/gs_lev2.ps -@@ -154,7 +154,8 @@ end - % protect top level of parameters that we copied - dup type dup /arraytype eq exch /stringtype eq or { readonly } if - /userparams .systemvar 3 1 roll .forceput % userparams is read-only -- } { -+ } executeonly -+ { - pop pop - } ifelse - } forall -@@ -224,7 +225,7 @@ end - % protect top level parameters that we copied - dup type dup /arraytype eq exch /stringtype eq or { readonly } if - //pssystemparams 3 1 roll .forceput % pssystemparams is read-only -- } -+ } executeonly - { pop pop - } - ifelse -@@ -941,7 +942,7 @@ mark - dup /PaintProc get - 1 index /Implementation known not { - 1 index dup /Implementation //null .forceput readonly pop -- } if -+ } executeonly if - exec - }.bind odef - -@@ -965,7 +966,7 @@ mark - dup /PaintProc get - 1 index /Implementation known not { - 1 index dup /Implementation //null .forceput readonly pop -- } if -+ } executeonly if - /UNROLLFORMS where {/UNROLLFORMS get}{false}ifelse not - %% [CTM] <<Form>> PaintProc .beginform - - { -@@ -1012,7 +1013,7 @@ mark - %% Form dictioanry using the /Implementation key). - 1 dict dup /FormID 4 -1 roll put - 1 index exch /Implementation exch .forceput readonly pop -- } -+ } executeonly - ifelse - } - { -diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps -index 1c417ad..aa4313d 100644 ---- a/Resource/Init/gs_pdfwr.ps -+++ b/Resource/Init/gs_pdfwr.ps -@@ -650,7 +650,7 @@ currentdict /.pdfmarkparams .undef - } ifelse - } bind .makeoperator .forceput - systemdict /.pdf_hooked_DSC_Creator //true .forceput -- } if -+ } executeonly if - pop - } if - } { -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index 67b82b5..b711562 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -152,7 +152,7 @@ setglobal - % use .forceput / .forcedef later to replace the dummy, - % empty .Instances dictionary with the real one later. - readonly -- } { -+ }{ - /defineresource cvx /typecheck signaloperror - } ifelse - } bind executeonly odef -@@ -424,7 +424,7 @@ status { - % As noted above, Category dictionaries are read-only, - % so we have to use .forcedef here. - /.Instances 1 index .forcedef % Category dict is read-only -- } if -+ } executeonly if - } - { .LocalInstances dup //.emptydict eq - { pop 3 dict localinstancedict Category 2 index put -diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps -index 893a2bb..0379a51 100644 ---- a/Resource/Init/gs_setpd.ps -+++ b/Resource/Init/gs_setpd.ps -@@ -689,7 +689,7 @@ SETPDDEBUG { (Result of putting.) = pstack flush } if - SETPDDEBUG { (Rolling back.) = pstack flush } if - 3 index 2 index 3 -1 roll .forceput - 4 index 1 index .knownget -- { 4 index 3 1 roll .forceput } -+ { 4 index 3 1 roll .forceput } executeonly - { 3 index exch .undef } - ifelse - } bind executeonly odef -diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps -index 2932efc..0ea99a3 100644 ---- a/Resource/Init/pdf_base.ps -+++ b/Resource/Init/pdf_base.ps -@@ -130,26 +130,29 @@ currentdict /num-chars-dict .undef - - /.pdfexectoken { % <count> <opdict> <exectoken> .pdfexectoken ? - PDFDEBUG { -- pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } if -+ pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if - PDFSTEP { - pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput - PDFSTEPcount 1 gt { - pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput -- } { -+ } executeonly -+ { - dup ==only - ( step # ) print PDFtokencount =only - ( ? ) print flush 1 //false .outputpage - (%stdin) (r) file 255 string readline { - token { - exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput -- } { -+ } executeonly -+ { - pdfdict /PDFSTEPcount 1 .forceput -- } ifelse % token -+ } executeonly ifelse % token - } { - pop /PDFSTEP //false def % EOF on stdin - } ifelse % readline - } ifelse % PDFSTEPcount > 1 -- } { -+ } executeonly -+ { - dup ==only () = flush - } ifelse % PDFSTEP - } if % PDFDEBUG -diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps -index 0da8181..36c41a9 100644 ---- a/Resource/Init/pdf_draw.ps -+++ b/Resource/Init/pdf_draw.ps -@@ -1131,14 +1131,14 @@ currentdict end readonly def - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } - { - currentglobal pdfdict gcheck .setglobal - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - end - } ifelse - } loop -@@ -1154,14 +1154,14 @@ currentdict end readonly def - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } - { - currentglobal pdfdict gcheck .setglobal - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } if - pop - -@@ -2363,9 +2363,10 @@ currentdict /last-ditch-bpc-csp undef - /IncrementAppearanceNumber { - pdfdict /AppearanceNumber .knownget { - 1 add pdfdict /AppearanceNumber 3 -1 roll .forceput -- }{ -+ } executeonly -+ { - pdfdict /AppearanceNumber 0 .forceput -- } ifelse -+ } executeonly ifelse - }bind executeonly odef - - /MakeAppearanceName { -@@ -2523,7 +2524,8 @@ currentdict /last-ditch-bpc-csp undef - %% want to preserve it. - pdfdict /.PreservePDFForm false .forceput - /q cvx /execform cvx 5 -2 roll -- }{ -+ } executeonly -+ { - /q cvx /PDFexecform cvx 5 -2 roll - } ifelse - -diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps -index 2153033..a3b9699 100644 ---- a/Resource/Init/pdf_font.ps -+++ b/Resource/Init/pdf_font.ps -@@ -714,7 +714,7 @@ currentdict end readonly def - pop pop pop - currentdict /.stackdepth .forceundef - currentdict /.dstackdepth .forceundef -- } -+ } executeonly - {pop pop pop} - ifelse - -@@ -1232,7 +1232,7 @@ currentdict /eexec_pdf_param_dict .undef - (\n **** Warning: Type 3 glyph has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n) - pdfformatwarning - pdfdict /.Qqwarning_issued //true .forceput -- } if -+ } executeonly if - Q - } repeat - Q -@@ -2016,7 +2016,7 @@ currentdict /CMap_read_dict undef - /CIDFallBack /CIDFont findresource - } if - exit -- } if -+ } executeonly if - } if - } if - -diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps -index 78b6438..ee17905 100644 ---- a/Resource/Init/pdf_main.ps -+++ b/Resource/Init/pdf_main.ps -@@ -2701,14 +2701,14 @@ currentdict /PDF2PS_matrix_key undef - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } - { - currentglobal pdfdict gcheck .setglobal - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } if - } if - pop -diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps -index e830aaa..34e2fbd 100644 ---- a/Resource/Init/pdf_ops.ps -+++ b/Resource/Init/pdf_ops.ps -@@ -184,14 +184,14 @@ currentdict /gput_always_allow .undef - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } - { - currentglobal pdfdict gcheck .setglobal - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } if - } bind executeonly odef - -@@ -439,7 +439,8 @@ currentdict /gput_always_allow .undef - dup type /booleantype eq { - .currentSMask type /dicttype eq { - .currentSMask /Processed 2 index .forceput -- } { -+ } executeonly -+ { - .setSMask - }ifelse - }{ diff --git a/printer/ghostscript/patches/0003-cve-2019-6116.patch b/printer/ghostscript/patches/0003-cve-2019-6116.patch deleted file mode 100644 index c81aa1647e..0000000000 --- a/printer/ghostscript/patches/0003-cve-2019-6116.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Chris Liddell <chris.liddell@artifex.com> -Date: Sat, 15 Dec 2018 09:08:32 +0000 (+0000) -Subject: Bug700317: Fix logic for an older change -X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a - -Bug700317: Fix logic for an older change - -Unlike almost every other function in gs, dict_find_string() returns 1 on -success 0 or <0 on failure. The logic for this case was wrong. ---- - -diff --git a/psi/interp.c b/psi/interp.c -index 68f977c..3ac5c70 100644 ---- a/psi/interp.c -+++ b/psi/interp.c -@@ -707,7 +707,7 @@ again: - * i.e. it's an internal operator we have hidden - */ - code = dict_find_string(systemdict, (const char *)bufptr, &tobj); -- if (code < 0) { -+ if (code <= 0) { - buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-'; - rlen += 4; - bufptr = buf; diff --git a/printer/ghostscript/patches/0004-cve-2019-6116.patch b/printer/ghostscript/patches/0004-cve-2019-6116.patch deleted file mode 100644 index a1fbae8232..0000000000 --- a/printer/ghostscript/patches/0004-cve-2019-6116.patch +++ /dev/null @@ -1,126 +0,0 @@ -From: Chris Liddell <chris.liddell@artifex.com> -Date: Tue, 18 Dec 2018 10:42:10 +0000 (+0000) -Subject: Harden some uses of .force* operators -X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=59d8f4deef90c1598ff50616519d5576756b4495 - -Harden some uses of .force* operators - -by adding a few immediate evalutions ---- - -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index 947d281..b681ec7 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -74,7 +74,7 @@ level2dict begin - } odef - % undefinefont has to take local/global VM into account. - /undefinefont % <fontname> undefinefont - -- { .FontDirectory 1 .argindex .forceundef % FontDirectory is readonly -+ { //.FontDirectory 1 .argindex .forceundef % FontDirectory is readonly - .currentglobal - { % Current mode is global; delete from local directory too. - //systemdict /LocalFontDirectory .knownget -@@ -85,7 +85,7 @@ level2dict begin - % definition, copy it into the local directory. - //systemdict /SharedFontDirectory .knownget - { 1 index .knownget -- { .FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly -+ { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly - if - } - if -diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps -index ee3275f..48b1b2d 100644 ---- a/Resource/Init/gs_fonts.ps -+++ b/Resource/Init/gs_fonts.ps -@@ -516,7 +516,7 @@ buildfontdict 3 /.buildfont3 cvx put - if - } - if -- dup .FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly -+ dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly - % If the font originated as a resource, register it. - currentfile .currentresourcefile eq { dup .registerfont } if - readonly -@@ -943,7 +943,7 @@ $error /SubstituteFont { } put - % Try to find a font using only the present contents of Fontmap. - /.tryfindfont { % <fontname> .tryfindfont <font> true - % <fontname> .tryfindfont false -- .FontDirectory 1 index .fontknownget -+ //.FontDirectory 1 index .fontknownget - { % Already loaded - exch pop //true - } -@@ -975,7 +975,7 @@ $error /SubstituteFont { } put - { % Font with a procedural definition - exec % The procedure will load the font. - % Check to make sure this really happened. -- .FontDirectory 1 index .knownget -+ //.FontDirectory 1 index .knownget - { exch pop //true exit } - if - } -@@ -1081,11 +1081,11 @@ $error /SubstituteFont { } put - % because it's different depending on language level. - .currentglobal exch /.setglobal .systemvar exec - % Remove the fake definition, if any. -- .FontDirectory 3 index .forceundef % readonly -- 1 index (r) file .loadfont .FontDirectory exch -+ //.FontDirectory 3 index .forceundef % readonly -+ 1 index (r) file .loadfont //.FontDirectory exch - /.setglobal .systemvar exec - } executeonly -- { .loadfont .FontDirectory -+ { .loadfont //.FontDirectory - } - ifelse - % Stack: fontname fontfilename fontdirectory -@@ -1119,8 +1119,8 @@ $error /SubstituteFont { } put - % Stack: origfontname fontdirectory filefontname fontdict - 3 -1 roll pop - % Stack: origfontname filefontname fontdict -- dup /FontName get dup FontDirectory exch .forceundef -- GlobalFontDirectory exch .forceundef -+ dup /FontName get dup //.FontDirectory exch .forceundef -+ /GlobalFontDirectory .systemvar exch .forceundef - dup length dict .copydict dup 3 index /FontName exch put - 2 index exch definefont - exch -@@ -1175,10 +1175,10 @@ currentdict /.putgstringcopy .forceundef - { - { - pop dup type /stringtype eq { cvn } if -- .FontDirectory 1 index known not { -+ //.FontDirectory 1 index known not { - 2 dict dup /FontName 3 index put - dup /FontType 1 put -- .FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly -+ //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly - } { - pop - } ifelse -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index e4902a5..f9efe4e 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -1165,8 +1165,8 @@ errordict /unknownerror .undef - }ifelse - }forall - noaccess pop -- systemdict /.setsafeerrors .forceundef -- systemdict /.SAFERERRORLIST .forceundef -+ //systemdict /.setsafeerrors .forceundef -+ //systemdict /.SAFERERRORLIST .forceundef - } bind executeonly odef - - SAFERERRORS {.setsafererrors} if -@@ -2144,7 +2144,7 @@ currentdict /tempfilepaths undef - - /.locksafe { - .locksafe_userparams -- systemdict /getenv {pop //false} .forceput -+ //systemdict /getenv {pop //false} .forceput - % setpagedevice has the side effect of clearing the page, but - % we will just document that. Using setpagedevice keeps the device - % properties and pagedevice .LockSafetyParams in agreement even diff --git a/printer/ghostscript/patches/0005-cve-2019-6116.patch b/printer/ghostscript/patches/0005-cve-2019-6116.patch deleted file mode 100644 index 5dd2d4ebce..0000000000 --- a/printer/ghostscript/patches/0005-cve-2019-6116.patch +++ /dev/null @@ -1,589 +0,0 @@ -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 9 Jan 2019 14:24:07 +0000 (+0000) -Subject: Undefine a bunch of gs_fonts.ps specific procs -X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9 - -Undefine a bunch of gs_fonts.ps specific procs - -Also reorder and add some immediate evaluation, so it still works with the -undefining. ---- - -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index b681ec7..719e7e1 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -67,7 +67,8 @@ level2dict begin - - /selectfont % <fontname> <size> selectfont - - { -- { 1 .argindex findfont -+ { -+ 1 .argindex findfont - 1 index dup type /arraytype eq { makefont } { scalefont } ifelse - setfont pop pop - } stopped { /selectfont .systemvar $error /errorname get signalerror } if -diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps -index 48b1b2d..63164d0 100644 ---- a/Resource/Init/gs_fonts.ps -+++ b/Resource/Init/gs_fonts.ps -@@ -100,7 +100,7 @@ - { 2 index token not - { (Fontmap entry for ) print 1 index =only - ( ends prematurely! Giving up.) = flush -- {.loadFontmap} 0 get 1 .quit -+ {//.loadFontmap exec} 0 get 1 .quit - } if - dup /; eq { pop 3 index 3 1 roll .growput exit } if - pop -@@ -202,6 +202,14 @@ - { pop } - { /FONTPATH (GS_FONTPATH) getenv not { () } if def } - ifelse -+ -+% The following are dummy definitions that, if we have a FONTPATH, will -+% be replaced in the following section. -+% They are here so immediately evaulation will work, and allow them to -+% undefined at the bottom of the file. -+/.scanfontbegin{} bind def -+/.scanfontdir {} bind def -+ - FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - /FONTPATH [ FONTPATH .pathlist ] def - -@@ -242,12 +250,12 @@ - /.scanfontbegin - { % Construct the table of all file names already in Fontmap. - currentglobal //true setglobal -- .scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength -+ //.scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength - Fontmap - { exch pop - { dup type /stringtype eq -- { .splitfilename pop .fonttempstring copy .lowerstring cvn -- .scanfontdict exch //true put -+ { //.splitfilename exec pop //.fonttempstring copy //.lowerstring exec cvn -+ //.scanfontdict exch //true put - } - { pop - } -@@ -280,9 +288,9 @@ - /txt //true - .dicttomark def - /.scan1fontstring 8192 string def --% %%BeginFont: is not per Adobe documentation, but a few fonts have it. -+% BeginFont: is not per Adobe documentation, but a few fonts have it. - /.scanfontheaders [(%!PS-Adobe*) (%!FontType*) (%%BeginFont:*)] def --0 .scanfontheaders { length .max } forall 6 add % extra for PFB header -+0 //.scanfontheaders { length .max } forall 6 add % extra for PFB header - /.scan1fontfirst exch string def - /.scanfontdir % <dirname> .scanfontdir - - { currentglobal exch //true setglobal -@@ -291,10 +299,10 @@ - 0 0 0 4 -1 roll % found scanned files - { % stack: <fontcount> <scancount> <filecount> <filename> - exch 1 add exch % increment filecount -- dup .splitfilename .fonttempstring copy .lowerstring -+ dup //.splitfilename exec //.fonttempstring copy //.lowerstring exec - % stack: <fontcount> <scancount> <filecount+1> <filename> - % <BASE> <ext> -- .scanfontskip exch known exch .scanfontdict exch known or -+ //.scanfontskip exch known exch //.scanfontdict exch known or - { pop - % stack: <fontcount> <scancount> <filecount+1> - } -@@ -309,7 +317,7 @@ - % On some platforms, the file operator will open directories, - % but an error will occur if we try to read from one. - % Handle this possibility here. -- dup .scan1fontfirst { readstring } .internalstopped -+ dup //.scan1fontfirst { readstring } .internalstopped - { pop pop () } - { pop } - ifelse -@@ -322,7 +330,7 @@ - { dup length 6 sub 6 exch getinterval } - if - % Check for font file headers. -- //false .scanfontheaders -+ //false //.scanfontheaders - { 2 index exch .stringmatch or - } - forall exch pop -@@ -335,7 +343,7 @@ - { exch copystring exch - DEBUG { ( ) print dup =only flush } if - 1 index .definenativefontmap -- .splitfilename pop //true .scanfontdict 3 1 roll .growput -+ //.splitfilename exec pop //true //.scanfontdict 3 1 roll .growput - % Increment fontcount. - 3 -1 roll 1 add 3 1 roll - } -@@ -352,7 +360,7 @@ - } - ifelse - } -- .scan1fontstring filenameforall -+ //.scan1fontstring filenameforall - QUIET - { pop pop pop } - { ( ) print =only ( files, ) print =only ( scanned, ) print -@@ -422,7 +430,6 @@ - //true .setnativefontmapbuilt - } ifelse - } bind def --currentdict /.setnativefontmapbuilt .forceundef - - % Create the dictionary that registers the .buildfont procedure - % (called by definefont) for each FontType. -@@ -526,7 +533,8 @@ - % We use this only for explicitly aliased fonts, not substituted fonts: - % we think this matches the observed behavior of Adobe interpreters. - /.aliasfont % <name> <font> .aliasfont <newFont> -- { .currentglobal 3 1 roll dup .gcheck .setglobal -+ { -+ currentglobal 3 1 roll dup gcheck setglobal - % <bool> <name> <font> - dup length 2 add dict % <bool> <name> <font> <dict> - dup 3 -1 roll % <bool> <name> <dict> <dict> <font> -@@ -541,7 +549,7 @@ - % whose FontName is a local non-string, if someone passed a - % garbage value to findfont. In this case, just don't - % call definefont at all. -- 2 index dup type /stringtype eq exch .gcheck or 1 index .gcheck not or -+ 2 index dup type /stringtype eq exch gcheck or 1 index gcheck not or - { pop % <bool> <name> <dict> - 1 index dup type /stringtype eq { cvn } if - % <bool> <name> <dict> <name1> -@@ -566,10 +574,11 @@ - % Don't bind in definefont, since Level 2 redefines it. - /definefont .systemvar exec - } -- { /findfont cvx {.completefont} .errorexec pop exch pop -+ { -+ /findfont cvx {.completefont} //.errorexec exec pop exch pop - } - ifelse -- exch .setglobal -+ exch setglobal - } odef % so findfont will bind it - - % Define .loadfontfile for loading a font. If we recognize Type 1 and/or -@@ -669,10 +678,19 @@ - [(Cn) 4] [(Cond) 4] [(Narrow) 4] [(Pkg) 4] [(Compr) 4] - [(Serif) 8] [(Sans) -8] - ] readonly def -+ -+/.fontnamestring { % <fontname> .fontnamestring <string|name> -+ dup type dup /nametype eq { -+ pop .namestring -+ } { -+ /stringtype ne { pop () } if -+ } ifelse -+} bind def -+ - /.fontnameproperties { % <int> <string|name> .fontnameproperties - % <int'> -- .fontnamestring -- .substituteproperties { -+ //.fontnamestring exec -+ //.substituteproperties { - 2 copy 0 get search { - pop pop pop dup length 1 sub 1 exch getinterval 3 -1 roll exch { - dup 0 ge { or } { neg not and } ifelse -@@ -710,13 +728,7 @@ - % <other> .nametostring <other> - dup type /nametype eq { .namestring } if - } bind def --/.fontnamestring { % <fontname> .fontnamestring <string|name> -- dup type dup /nametype eq { -- pop .namestring -- } { -- /stringtype ne { pop () } if -- } ifelse --} bind def -+ - /.substitutefontname { % <fontname> <properties> .substitutefontname - % <altname|null> - % Look for properties and/or a face name in the font name. -@@ -724,7 +736,7 @@ - % base font; otherwise, use the default font. - % Note that the "substituted" font name may be the same as - % the requested one; the caller must check this. -- exch .fontnamestring { -+ exch //.fontnamestring exec { - defaultfontname /Helvetica-Oblique /Helvetica-Bold /Helvetica-BoldOblique - /Helvetica-Narrow /Helvetica-Narrow-Oblique - /Helvetica-Narrow-Bold /Helvetica-Narrow-BoldOblique -@@ -734,12 +746,12 @@ - } 3 1 roll - % Stack: facelist properties fontname - % Look for a face name. -- .substitutefaces { -+ //.substitutefaces { - 2 copy 0 get search { - pop pop pop - % Stack: facelist properties fontname [(pattern) family properties] - dup 2 get 4 -1 roll or 3 1 roll -- 1 get .substitutefamilies exch get -+ 1 get //.substitutefamilies exch get - 4 -1 roll pop 3 1 roll - } { - pop pop -@@ -748,7 +760,7 @@ - 1 index length mod get exec - } bind def - /.substitutefont { % <fontname> .substitutefont <altname> -- dup 0 exch .fontnameproperties .substitutefontname -+ dup 0 exch //.fontnameproperties exec .substitutefontname - % Only accept fonts known in the Fontmap. - Fontmap 1 index known not - { -@@ -814,7 +826,7 @@ - counttomark 1 sub { .aliasfont } repeat end - % <fontname> mark <font> - exch pop exch pop --} odef -+} bind odef - /findfont { - .findfont - } bind def -@@ -860,7 +872,7 @@ - } { - dup .substitutefont - 2 copy eq { pop defaultfontname } if -- .checkalias -+ //.checkalias exec - QUIET not { - SHORTERRORS { - (%%[) print 1 index =only -@@ -886,8 +898,8 @@ - //null 0 1 FONTPATH length 1 sub { - FONTPATH 1 index get //null ne { exch pop exit } if pop - } for dup //null ne { -- dup 0 eq { .scanfontbegin } if -- FONTPATH 1 index get .scanfontdir -+ dup 0 eq { //.scanfontbegin exec} if -+ FONTPATH 1 index get //.scanfontdir exec - FONTPATH exch //null put //true - } { - pop //false -@@ -897,11 +909,10 @@ - % scanning of FONTPATH. - /.dofindfont { % mark <fontname> .dofindfont % mark <alias> ... <font> - .tryfindfont not { -- - % We didn't find the font. If we haven't scanned - % all the directories in FONTPATH, scan the next one - % now and look for the font again. -- .scannextfontdir { -+ //.scannextfontdir exec { - % Start over with an empty alias list. - counttomark 1 sub { pop } repeat % mark <fontname> - .dofindfont -@@ -927,6 +938,7 @@ - } if - % Substitute for the font. Don't alias. - % Same stack as at the beginning of .dofindfont. -+ - $error /SubstituteFont get exec - % - % igorm: I guess the surrounding code assumes that .stdsubstfont -@@ -935,72 +947,11 @@ - % used in .dofindfont and through .stdsubstfont - % just to represent a simple iteration, - % which accumulates the aliases after the mark. -- .stdsubstfont -+ //.stdsubstfont exec - } ifelse - } ifelse - } if - } bind def --% Try to find a font using only the present contents of Fontmap. --/.tryfindfont { % <fontname> .tryfindfont <font> true -- % <fontname> .tryfindfont false -- //.FontDirectory 1 index .fontknownget -- { % Already loaded -- exch pop //true -- } -- { -- dup Fontmap exch .knownget -- { //true //true } -- { % Unknown font name. Look for a file with the -- % same name as the requested font. -- dup .tryloadfont -- { exch pop //true //false } -- { -- % if we can't load by name check the native font map -- dup .nativeFontmap exch .knownget -- { //true //true } -- { //false //false } ifelse -- } ifelse -- } ifelse -- -- { % Try each element of the Fontmap in turn. -- pop -- //false exch % (in case we exhaust the list) -- % Stack: fontname false fontmaplist -- { exch pop -- dup type /nametype eq -- { % Font alias -- .checkalias .tryfindfont exit -- } -- { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and -- { % Font with a procedural definition -- exec % The procedure will load the font. -- % Check to make sure this really happened. -- //.FontDirectory 1 index .knownget -- { exch pop //true exit } -- if -- } -- { % Font file name -- //true .loadfontloop { //true exit } if -- } -- ifelse -- } -- ifelse //false -- } -- forall -- % Stack: font true -or- fontname false -- { //true -- } -- { % None of the Fontmap entries worked. -- % Try loading a file with the same name -- % as the requested font. -- .tryloadfont -- } -- ifelse -- } -- if -- } -- ifelse -- } bind def - - % any user of .putgstringcopy must use bind and executeonly - /.putgstringcopy % <dict> <name> <string> .putgstringcopy - -@@ -1014,25 +965,6 @@ - } executeonly ifelse - } .bind executeonly odef % must be bound and hidden for .forceput - --% Attempt to load a font from a file. --/.tryloadfont { % <fontname> .tryloadfont <font> true -- % <fontname> .tryloadfont false -- dup .nametostring -- % Hack: check for the presence of the resource machinery. -- /.genericrfn where { -- pop -- pop dup .fonttempstring /FontResourceDir getsystemparam .genericrfn -- {//false .loadfontloop} .internalstopped {//false} if { -- //true -- } { -- dup .nametostring -- {//true .loadfontloop} .internalstopped {//false} if -- } ifelse -- } { -- {//true .loadfontloop} .internalstopped {//false} if -- } ifelse --} bind def -- - /.loadfontloop { % <fontname> <filename> <libflag> .loadfontloop - % <font> true - % -or- -@@ -1102,7 +1034,7 @@ - } if - - % Check to make sure the font was actually loaded. -- dup 3 index .fontknownget -+ dup 3 index //.fontknownget exec - { dup /PathLoad 4 index .putgstringcopy - 4 1 roll pop pop pop //true exit - } executeonly if -@@ -1113,7 +1045,7 @@ - exch dup % Stack: origfontname fontdirectory path path - (r) file .findfontname - { % Stack: origfontname fontdirectory path filefontname -- 2 index 1 index .fontknownget -+ 2 index 1 index //.fontknownget exec - { % Yes. Stack: origfontname fontdirectory path filefontname fontdict - dup 4 -1 roll /PathLoad exch .putgstringcopy - % Stack: origfontname fontdirectory filefontname fontdict -@@ -1136,7 +1068,7 @@ - % Stack: fontdict - } executeonly - if pop % Stack: origfontname fontdirectory path -- } -+ } executeonly - if pop pop % Stack: origfontname - - % The font definitely did not load correctly. -@@ -1150,7 +1082,90 @@ - - } bind executeonly odef % must be bound and hidden for .putgstringcopy - --currentdict /.putgstringcopy .undef -+% Attempt to load a font from a file. -+/.tryloadfont { % <fontname> .tryloadfont <font> true -+ % <fontname> .tryloadfont false -+ dup //.nametostring exec -+ % Hack: check for the presence of the resource machinery. -+ /.genericrfn where { -+ pop -+ pop dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn -+ {//false .loadfontloop} .internalstopped {//false} if { -+ //true -+ } { -+ dup //.nametostring exec -+ {//true .loadfontloop} .internalstopped {//false} if -+ } ifelse -+ } { -+ {//true .loadfontloop} .internalstopped {//false} if -+ } ifelse -+} bind def -+ -+% Try to find a font using only the present contents of Fontmap. -+/.tryfindfont { % <fontname> .tryfindfont <font> true -+ % <fontname> .tryfindfont false -+ //.FontDirectory 1 index //.fontknownget exec -+ { % Already loaded -+ exch pop //true -+ } -+ { -+ dup Fontmap exch .knownget -+ { //true //true } -+ { % Unknown font name. Look for a file with the -+ % same name as the requested font. -+ dup //.tryloadfont exec -+ { exch pop //true //false } -+ { -+ % if we can't load by name check the native font map -+ dup .nativeFontmap exch .knownget -+ { //true //true } -+ { //false //false } ifelse -+ } ifelse -+ } ifelse -+ -+ { % Try each element of the Fontmap in turn. -+ pop -+ //false exch % (in case we exhaust the list) -+ % Stack: fontname false fontmaplist -+ { exch pop -+ dup type /nametype eq -+ { % Font alias -+ //.checkalias exec -+ .tryfindfont exit -+ } -+ { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and -+ { % Font with a procedural definition -+ exec % The procedure will load the font. -+ % Check to make sure this really happened. -+ //.FontDirectory 1 index .knownget -+ { exch pop //true exit } -+ if -+ } -+ { % Font file name -+ //true .loadfontloop { //true exit } if -+ } -+ ifelse -+ } -+ ifelse //false -+ } -+ forall -+ % Stack: font true -or- fontname false -+ { //true -+ } -+ { % None of the Fontmap entries worked. -+ % Try loading a file with the same name -+ % as the requested font. -+ //.tryloadfont exec -+ } -+ ifelse -+ } -+ if -+ } -+ ifelse -+ } bind def -+ -+ % Define a procedure to load all known fonts. -+ % This isn't likely to be very useful. - - % Define a procedure to load all known fonts. - % This isn't likely to be very useful. -@@ -1192,9 +1207,9 @@ - /.loadinitialfonts - { NOFONTMAP not - { /FONTMAP where -- { pop [ FONTMAP .pathlist ] -+ { pop [ FONTMAP //.pathlist exec] - { dup VMDEBUG findlibfile -- { exch pop .loadFontmap } -+ { exch pop //.loadFontmap exec } - { /undefinedfilename signalerror } - ifelse - } -@@ -1208,7 +1223,7 @@ - pop pop - defaultfontmap_content { .definefontmap } forall - } { -- .loadFontmap -+ //.loadFontmap exec - } ifelse - } { - pop pop -@@ -1272,3 +1287,18 @@ - { .makemodifiedfont - dup /FontName get exch definefont pop - } bind def -+ -+% Undef these, not needed outside this file -+[ -+ % /.fonttempstring /.scannextfontdir - are also used in gs_res.ps, so are undefined there -+ % /.fontnameproperties - is used in pdf_font.ps -+ % /.scanfontheaders - used in gs_cff.ps, gs_ttf.ps -+ /.loadfontloop /.tryloadfont /.findfont /.pathlist /.loadFontmap /.lowerstring -+ /.splitfilename /.scanfontdict /.scanfontbegin -+ /.scanfontskip /.scan1fontstring -+ /.scan1fontfirst /.scanfontdir -+ /.setnativefontmapbuilt /.aliasfont -+ /.setloadingfont /.substitutefaces /.substituteproperties /.substitutefamilies -+ /.nametostring /.fontnamestring /.checkalias /.fontknownget /.stdsubstfont -+ /.putgstringcopy -+] {systemdict exch .forceundef} forall -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index b711562..d1f9f92 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -961,7 +961,7 @@ - dup type /nametype eq { .namestring } if - dup type /stringtype ne { //false exit } if - % Check the resource directory. -- dup .fonttempstring /FontResourceDir getsystemparam .genericrfn -+ dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn - status { - pop pop pop pop //true exit - } if -@@ -969,7 +969,7 @@ - % as the font. - findlibfile { closefile //true exit } if - % Scan a FONTPATH directory and try again. -- .scannextfontdir not { //false exit } if -+ //.scannextfontdir exec not { //false exit } if - } loop - } bind def - -@@ -1008,7 +1008,7 @@ - } ifelse - } bind executeonly - /ResourceForAll { -- { .scannextfontdir not { exit } if } loop -+ { //.scannextfontdir exec not { exit } if } loop - /Generic /Category findresource /ResourceForAll get exec - } bind executeonly - /.ResourceFileStatus { -@@ -1152,6 +1152,7 @@ - dup /.Instances get readonly pop - .LocalInstances readonly pop - readonly pop -+ /.fonttempstring /.scannextfontdir % from gs_fonts.ps - } forall - % clean up - systemdict /.fixresources undef diff --git a/printer/ghostscript/patches/0006-cve-2019-6116.patch b/printer/ghostscript/patches/0006-cve-2019-6116.patch deleted file mode 100644 index 330a1bc31c..0000000000 --- a/printer/ghostscript/patches/0006-cve-2019-6116.patch +++ /dev/null @@ -1,333 +0,0 @@ -From: Chris Liddell <chris.liddell@artifex.com> -Date: Fri, 11 Jan 2019 13:36:36 +0000 (+0000) -Subject: Remove .forcedef, and harden .force* ops more -X-Git-Url: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff_plain;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9 - -Remove .forcedef, and harden .force* ops more - -Remove .forcedef and replace all uses with a direct call to .forceput instead. - -Ensure every procedure (named and trasient) that calls .forceput is -executeonly. ---- - -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index 719e7e1..0b0dff3 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -33,14 +33,17 @@ systemdict begin - - /SharedFontDirectory .FontDirectory .gcheck - { .currentglobal //false .setglobal -+ currentdict - /LocalFontDirectory .FontDirectory dup maxlength dict copy -- .forcedef % LocalFontDirectory is local, systemdict is global -+ .forceput % LocalFontDirectory is local, systemdict is global - .setglobal .FontDirectory -- } -- { /LocalFontDirectory .FontDirectory -- .forcedef % LocalFontDirectory is local, systemdict is global -+ } executeonly -+ { -+ currentdict -+ /LocalFontDirectory .FontDirectory -+ .forceput % LocalFontDirectory is local, systemdict is global - 50 dict -- } -+ }executeonly - ifelse def - - end % systemdict -@@ -55,7 +58,7 @@ level2dict begin - { //SharedFontDirectory } - { /LocalFontDirectory .systemvar } % can't embed ref to local VM - ifelse .forceput pop % LocalFontDirectory is local, systemdict is global -- } .bind odef -+ } .bind executeonly odef - % Don't just copy (load) the definition of .setglobal: - % it gets redefined for LL3. - /setshared { /.setglobal .systemvar exec } odef -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index f9efe4e..9377f52 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -54,7 +54,7 @@ systemdict exch - dup /userdict - currentdict dup 200 .setmaxlength % userdict - .forceput % userdict is local, systemdict is global -- } -+ } executeonly - if begin - - % Define dummy local/global operators if needed. -@@ -296,13 +296,6 @@ QUIET not { printgreeting flush } if - 1 index exch .makeoperator def - } .bind def - --% Define a special version of def for storing local objects into global --% dictionaries. Like .forceput, this exists only during initialization. --/.forcedef { % <key> <value> .forcedef - -- 1 .argindex pop % check # of args -- currentdict 3 1 roll .forceput --} .bind odef -- - % Define procedures for accessing variables in systemdict and userdict - % regardless of the contents of the dictionary stack. - /.systemvar { % <name> .systemvar <value> -@@ -344,7 +337,7 @@ DELAYBIND - } - ifelse - } .bind def --} if -+} executeonly if - - %**************** BACKWARD COMPATIBILITY **************** - /hwsizedict mark /HWSize //null .dicttomark readonly def -@@ -652,7 +645,7 @@ currentdict /.typenames .undef - /ifelse .systemvar - ] cvx executeonly - exch .setglobal --} odef -+} executeonly odef - systemdict /internaldict dup .makeinternaldict .makeoperator - .forceput % proc is local, systemdict is global - -@@ -1090,7 +1083,7 @@ def - - % Define $error. This must be in local VM. - .currentglobal //false .setglobal --/$error 40 dict .forcedef % $error is local, systemdict is global -+currentdict /$error 40 dict .forceput % $error is local, systemdict is global - % newerror, errorname, command, errorinfo, - % ostack, estack, dstack, recordstacks, - % binary, globalmode, -@@ -1109,8 +1102,8 @@ end - % Define errordict similarly. It has one entry per error name, - % plus handleerror. However, some astonishingly badly written PostScript - % files require it to have at least one empty slot. --/errordict ErrorNames length 3 add dict --.forcedef % errordict is local, systemdict is global -+currentdict /errordict ErrorNames length 3 add dict -+.forceput % errordict is local, systemdict is global - .setglobal % back to global VM - % gserrordict contains all the default error handling methods, but unlike - % errordict it is noaccess after creation (also it is in global VM). -@@ -1283,8 +1276,9 @@ end - (END PROCS) VMDEBUG - - % Define the font directory. -+currentdict - /FontDirectory //false .setglobal 100 dict //true .setglobal --.forcedef % FontDirectory is local, systemdict is global -+.forceput % FontDirectory is local, systemdict is global - - % Define the encoding dictionary. - /EncodingDirectory 16 dict def % enough for Level 2 + PDF standard encodings -@@ -2362,7 +2356,6 @@ SAFER { .setsafeglobal } if - //systemdict /UndefinePostScriptOperators get exec - //systemdict /UndefinePDFOperators get exec - //systemdict /.forcecopynew .forceundef % remove temptation -- //systemdict /.forcedef .forceundef % ditto - //systemdict /.forceput .forceundef % ditto - //systemdict /.undef .forceundef % ditto - //systemdict /.forceundef .forceundef % ditto -@@ -2397,9 +2390,9 @@ SAFER { .setsafeglobal } if - % (and, if implemented, context switching). - .currentglobal //false .setglobal - mark userparams { } forall .dicttomark readonly -- /userparams exch .forcedef % systemdict is read-only -+ currentdict exch /userparams exch .forceput % systemdict is read-only - .setglobal --} if -+} executeonly if - /.currentsystemparams where { - pop - % Remove real system params from pssystemparams. -@@ -2474,7 +2467,6 @@ end - DELAYBIND not { - systemdict /.bindnow .undef % We only need this for DELAYBIND - systemdict /.forcecopynew .undef % remove temptation -- systemdict /.forcedef .undef % ditto - systemdict /.forceput .undef % ditto - systemdict /.forceundef .undef % ditto - } if -diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps -index 5c8ac11..da19360 100644 ---- a/Resource/Init/gs_lev2.ps -+++ b/Resource/Init/gs_lev2.ps -@@ -304,31 +304,30 @@ end - psuserparams exch /.checkFilePermitparams load put - .setglobal - --pssystemparams begin -- /CurDisplayList 0 .forcedef -- /CurFormCache 0 .forcedef -- /CurInputDevice () .forcedef -- /CurOutlineCache 0 .forcedef -- /CurOutputDevice () .forcedef -- /CurPatternCache 0 .forcedef -- /CurUPathCache 0 .forcedef -- /CurScreenStorage 0 .forcedef -- /CurSourceList 0 .forcedef -- /DoPrintErrors //false .forcedef -- /JobTimeout 0 .forcedef -- /LicenseID (LN-001) .forcedef % bogus -- /MaxDisplayList 140000 .forcedef -- /MaxFormCache 100000 .forcedef -- /MaxImageBuffer 524288 .forcedef -- /MaxOutlineCache 65000 .forcedef -- /MaxPatternCache 100000 .forcedef -- /MaxUPathCache 300000 .forcedef -- /MaxScreenStorage 84000 .forcedef -- /MaxSourceList 25000 .forcedef -- /PrinterName product .forcedef -- /RamSize 4194304 .forcedef -- /WaitTimeout 40 .forcedef --end -+pssystemparams -+dup /CurDisplayList 0 .forceput -+dup /CurFormCache 0 .forceput -+dup /CurInputDevice () .forceput -+dup /CurOutlineCache 0 .forceput -+dup /CurOutputDevice () .forceput -+dup /CurPatternCache 0 .forceput -+dup /CurUPathCache 0 .forceput -+dup /CurScreenStorage 0 .forceput -+dup /CurSourceList 0 .forceput -+dup /DoPrintErrors //false .forceput -+dup /JobTimeout 0 .forceput -+dup /LicenseID (LN-001) .forceput % bogus -+dup /MaxDisplayList 140000 .forceput -+dup /MaxFormCache 100000 .forceput -+dup /MaxImageBuffer 524288 .forceput -+dup /MaxOutlineCache 65000 .forceput -+dup /MaxPatternCache 100000 .forceput -+dup /MaxUPathCache 300000 .forceput -+dup /MaxScreenStorage 84000 .forceput -+dup /MaxSourceList 25000 .forceput -+dup /PrinterName product .forceput -+dup /RamSize 4194304 .forceput -+ /WaitTimeout 40 .forceput - - % Define the procedures for handling comment scanning. The names - % %ProcessComment and %ProcessDSCComment are known to the interpreter. -@@ -695,7 +694,7 @@ pop % currentsystemparams - /statusdict currentdict def - - currentdict end --/statusdict exch .forcedef % statusdict is local, systemdict is global -+currentdict exch /statusdict exch .forceput % statusdict is local, systemdict is global - - % The following compatibility operators are in systemdict. They are - % defined here, rather than in gs_init.ps, because they require the -diff --git a/Resource/Init/gs_ll3.ps b/Resource/Init/gs_ll3.ps -index 11d4aa7..0f98876 100644 ---- a/Resource/Init/gs_ll3.ps -+++ b/Resource/Init/gs_ll3.ps -@@ -521,9 +521,8 @@ end - % Define additional user and system parameters. - /HalftoneMode 0 .definepsuserparam - /MaxSuperScreen 1016 .definepsuserparam --pssystemparams begin % read-only, so use .forcedef -- /MaxDisplayAndSourceList 160000 .forcedef --end -+% read-only, so use .forceput -+pssystemparams /MaxDisplayAndSourceList 160000 .forceput - - % Define the IdiomSet resource category. - { /IdiomSet } { -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index d1f9f92..a8f301f 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -41,10 +41,10 @@ - % However, Ed Taft of Adobe says their interpreters don't implement this - % either, so we aren't going to worry about it for a while. - --currentglobal //false setglobal systemdict begin -- /localinstancedict 5 dict -- .forcedef % localinstancedict is local, systemdict is global --end //true setglobal -+currentglobal //false setglobal -+ systemdict /localinstancedict 5 dict -+ .forceput % localinstancedict is local, systemdict is global -+//true setglobal - /.emptydict 0 dict readonly def - setglobal - -@@ -149,7 +149,7 @@ - dup [ exch 0 -1 ] exch - .Instances 4 2 roll put - % Make the Category dictionary read-only. We will have to -- % use .forceput / .forcedef later to replace the dummy, -+ % use .forceput / .forceput later to replace the dummy, - % empty .Instances dictionary with the real one later. - readonly - }{ -@@ -304,7 +304,8 @@ - dup () ne { - .file_name_directory_separator concatstrings - } if -- 2 index exch //false .file_name_combine not { -+ 2 index exch //false -+ .file_name_combine not { - (Error: .default_resource_dir returned ) print exch print ( that can't combine with ) print = - /.default_resource_dir cvx /configurationerror signalerror - } if -@@ -317,14 +318,14 @@ - pssystemparams begin - .default_resource_dir - /FontResourceDir (Font) .resource_dir_name -- readonly .forcedef % pssys'params is r-o -+ readonly currentdict 3 1 roll .forceput % pssys'params is r-o - /GenericResourceDir () .resource_dir_name -- readonly .forcedef % pssys'params is r-o -+ readonly currentdict 3 1 roll .forceput % pssys'params is r-o - pop % .default_resource_dir - /GenericResourcePathSep -- .file_name_separator readonly .forcedef % pssys'params is r-o -- (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forcedef % pssys'params is r-o -- (%diskGenericResourceDir) cvn (/Resource/) readonly .forcedef % pssys'params is r-o -+ .file_name_separator readonly currentdict 3 1 roll .forceput % pssys'params is r-o -+ currentdict (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forceput % pssys'params is r-o -+ currentdict (%diskGenericResourceDir) cvn (/Resource/) readonly .forceput % pssys'params is r-o - end - end - -@@ -422,8 +423,8 @@ - .Instances dup //.emptydict eq { - pop 3 dict - % As noted above, Category dictionaries are read-only, -- % so we have to use .forcedef here. -- /.Instances 1 index .forcedef % Category dict is read-only -+ % so we have to use .forceput here. -+ currentdict /.Instances 2 index .forceput % Category dict is read-only - } executeonly if - } - { .LocalInstances dup //.emptydict eq -@@ -441,7 +442,7 @@ - { /defineresource cvx /typecheck signaloperror - } - ifelse --} .bind executeonly .makeoperator % executeonly to prevent access to .forcedef -+} .bind executeonly .makeoperator % executeonly to prevent access to .forceput - /UndefineResource - { { dup 2 index .knownget - { dup 1 get 1 ge -diff --git a/Resource/Init/gs_statd.ps b/Resource/Init/gs_statd.ps -index 4dea296..bc2d46e 100644 ---- a/Resource/Init/gs_statd.ps -+++ b/Resource/Init/gs_statd.ps -@@ -21,10 +21,10 @@ systemdict begin - % We make statusdict a little larger for Level 2 stuff. - % Note that it must be allocated in local VM. - .currentglobal //false .setglobal -- /statusdict 91 dict .forcedef % statusdict is local, sys'dict global -+ currentdict /statusdict 91 dict .forceput % statusdict is local, sys'dict global - % To support the Level 2 job control features, - % serverdict must also be in local VM. -- /serverdict 10 dict .forcedef % serverdict is local, sys'dict global -+ currentdict /serverdict 10 dict .forceput % serverdict is local, sys'dict global - .setglobal - end - diff --git a/printer/ghostscript/patches/0007-cve-2019-3835-3838.patch b/printer/ghostscript/patches/0007-cve-2019-3835-3838.patch deleted file mode 100644 index abb4b0f59c..0000000000 --- a/printer/ghostscript/patches/0007-cve-2019-3835-3838.patch +++ /dev/null @@ -1,270 +0,0 @@ -From 205591753126802da850ada6511a0ff8411aa287 Mon Sep 17 00:00:00 2001 -From: Ray Johnston <ray.johnston@artifex.com> -Date: Thu, 14 Feb 2019 10:20:03 -0800 -Subject: [PATCH] Fix bug 700585: Restrict superexec and remove it from - internals and gs_cet.ps - -Also while changing things, restructure the CETMODE so that it will -work with -dSAFER. The gs_cet.ps is now run when we are still at save -level 0 with systemdict writeable. Allows us to undefine .makeoperator -and .setCPSImode internal operators after CETMODE is handled. - -Change previous uses of superexec to using .forceput (with the usual -.bind executeonly to hide it). ---- - Resource/Init/gs_cet.ps | 37 ++++++++++++++----------------------- - Resource/Init/gs_dps1.ps | 2 +- - Resource/Init/gs_fonts.ps | 8 ++++---- - Resource/Init/gs_init.ps | 38 +++++++++++++++++++++++++++----------- - Resource/Init/gs_ttf.ps | 8 ++++---- - Resource/Init/gs_type1.ps | 6 +++--- - 6 files changed, 53 insertions(+), 46 deletions(-) - -diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps -index d47febf..54f17c6 100644 ---- a/Resource/Init/gs_cet.ps -+++ b/Resource/Init/gs_cet.ps -@@ -1,28 +1,23 @@ - %!PS - % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET - --% do this in the server level so it is persistent across jobs --//true 0 startjob not { -- (*** Warning: CET startup is not in server default) = flush --} if -+% Note: this must be run at save level 0 and when systemdict is writeable -+currentglobal //true setglobal -+systemdict dup dup dup -+/version (3017.102) readonly .forceput % match CPSI 3017.102 -+/product (PhotoPRINT SE 5.0v2) readonly .forceput % match CPSI 3017.102 -+/revision 0 put % match CPSI 3017.103 Tek shows revision 5 -+/serialnumber dup {233640} readonly .makeoperator .forceput % match CPSI 3017.102 Tek shows serialnumber 1401788461 -+ -+systemdict /.odef { % <name> <proc> odef - -+ 1 index exch //.makeoperator def -+} .bind .forceput % this will be undefined at the end - - 300 .sethiresscreen % needed for language switch build since it - % processes gs_init.ps BEFORE setting the resolution - - 0 array 0 setdash % CET 09-08 wants local setdash - --currentglobal //true setglobal -- --{ -- systemdict dup dup dup -- /version (3017.102) readonly put % match CPSI 3017.102 -- /product (PhotoPRINT SE 5.0v2) readonly put % match CPSI 3017.102 -- /revision 0 put % match CPSI 3017.103 Tek shows revision 5 -- /serialnumber dup {233640} readonly .makeoperator put % match CPSI 3017.102 Tek shows serialnumber 1401788461 -- systemdict /deviceinfo undef % for CET 20-23-1 --% /UNROLLFORMS true put % CET files do unreasonable things inside forms --} 1183615869 internaldict /superexec get exec -- - /UNROLLFORMS true def - - { } bind dup -@@ -106,6 +101,7 @@ - } ifelse - ofnfa - } bind def --% end of slightly nasty hack to give consistent cluster results - --//false 0 startjob pop % re-enter encapsulated mode -+systemdict /.odef .undef -+ -+% end of slightly nasty hack to give consistent cluster results -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index 0b0dff3..7cf29b4 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -89,7 +89,7 @@ level2dict begin - % definition, copy it into the local directory. - //systemdict /SharedFontDirectory .knownget - { 1 index .knownget -- { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly -+ { //.FontDirectory 2 index 3 -1 roll .forceput } % readonly - if - } - if -diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps -index 541b20c..0ec95eb 100644 ---- a/Resource/Init/gs_fonts.ps -+++ b/Resource/Init/gs_fonts.ps -@@ -521,11 +521,11 @@ buildfontdict 3 /.buildfont3 cvx put - % the font in LocalFontDirectory. - .currentglobal - { //systemdict /LocalFontDirectory .knownget -- { 2 index 2 index { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly -+ { 2 index 2 index .forceput } % readonly - if - } - if -- dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly -+ dup //.FontDirectory 4 -2 roll .forceput % readonly - % If the font originated as a resource, register it. - currentfile .currentresourcefile eq { dup .registerfont } if - readonly -@@ -1193,13 +1193,13 @@ $error /SubstituteFont { } put - //.FontDirectory 1 index known not { - 2 dict dup /FontName 3 index put - dup /FontType 1 put -- //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly -+ //.FontDirectory 3 1 roll //.forceput exec % readonly - } { - pop - } ifelse - } forall - } forall -- } -+ } executeonly % hide .forceput - FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined - - % Install initial fonts from Fontmap. -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index dce6ed4..bfda301 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2204,9 +2204,6 @@ SAFER { .setsafeglobal } if - /.endtransparencygroup % transparency-example.ps - /.setdotlength % Bug687720.ps - /.sort /.setdebug /.mementolistnewblocks /getenv -- -- /.makeoperator /.setCPSImode % gs_cet.ps, this won't work on cluster with -dSAFER -- - /unread - ] - {systemdict exch .forceundef} forall -@@ -2296,7 +2293,6 @@ SAFER { .setsafeglobal } if - - % Used by our own test suite files - %/.fileposition %image-qa.ps -- %/.makeoperator /.setCPSImode % gs_cet.ps - - % Either our code uses these in ways which mean they can't be undefined, or they are used directly by - % test files/utilities, or engineers expressed a desire to keep them visible. -@@ -2476,6 +2472,16 @@ end - /vmreclaim where - { pop NOGC not { 2 .vmreclaim 0 vmreclaim } if - } if -+ -+% Do this before systemdict is locked (see below for additional CETMODE setup using gs_cet.ps) -+systemdict /CETMODE .knownget { -+ { -+ (gs_cet.ps) runlibfile -+ } if -+} if -+systemdict /.makeoperator .undef % must be after gs_cet.ps -+systemdict /.setCPSImode .undef % must be after gs_cet.ps -+ - DELAYBIND not { - systemdict /.bindnow .undef % We only need this for DELAYBIND - systemdict /.forcecopynew .undef % remove temptation -@@ -2483,16 +2489,29 @@ DELAYBIND not { - systemdict /.forceundef .undef % ditto - } if - --% Move superexec to internaldict if superexec is defined. --systemdict /superexec .knownget { -- 1183615869 internaldict /superexec 3 -1 roll put -- systemdict /superexec .undef -+% Move superexec to internaldict if superexec is defined. (Level 2 or later) -+systemdict /superexec known { -+ % restrict superexec to single known use by PScript5.dll -+ % We could do this only for SAFER mode, but internaldict and superexec are -+ % not very well documented, and we don't want them to be used. -+ 1183615869 internaldict /superexec { -+ 2 index /Private eq % first check for typical use in PScript5.dll -+ 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec -+ 1 index 0 get systemdict /put get eq and -+ { -+ //superexec exec % the only usage we allow -+ } { -+ /superexec load /invalidaccess signalerror -+ } ifelse -+ } bind cvx executeonly put -+ systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator - } if - - % Can't remove this one until the last minute :-) - DELAYBIND not { - systemdict /.undef .undef - } if -+ - WRITESYSTEMDICT { - SAFER { - (\n *** WARNING - you have selected SAFER, indicating you want Ghostscript\n) print -diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps -index 95b5cca..135ce93 100644 ---- a/Resource/Init/gs_ttf.ps -+++ b/Resource/Init/gs_ttf.ps -@@ -1301,7 +1301,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef - TTFDEBUG { (\n1 setting alias: ) print dup ==only - ( to be the same as ) print 2 index //== exec } if - -- 7 index 2 index 3 -1 roll exch //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ 7 index 2 index 3 -1 roll exch .forceput - } forall - pop pop pop - } -@@ -1319,7 +1319,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef - exch pop - TTFDEBUG { (\n2 setting alias: ) print 1 index ==only - ( to use glyph index: ) print dup //== exec } if -- 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ 5 index 3 1 roll .forceput - //false - } - { -@@ -1336,7 +1336,7 @@ currentdict /.pickcmap_with_no_xlatmap .undef - { % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer) - TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only - ( to be index: ) print dup //== exec } if -- exch pop 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ exch pop 5 index 3 1 roll .forceput - } - { - pop pop -@@ -1486,7 +1486,7 @@ - } ifelse - ] - TTFDEBUG { (Encoding: ) print dup === flush } if --} bind def -+} .bind executeonly odef % hides .forceput - - % to be removed 9.09...... - currentdict /postalias undef -diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps -index a680ac1..a03d48e 100644 ---- a/Resource/Init/gs_type1.ps -+++ b/Resource/Init/gs_type1.ps -@@ -116,7 +116,7 @@ - { % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname aglname - CFFDEBUG { (\nsetting alias: ) print dup ==only - ( to be the same as glyph: ) print 1 index //== exec } if -- 3 index exch 3 index //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ 3 index exch 3 index .forceput - % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname - } - {pop} ifelse -@@ -135,7 +135,7 @@ - 3 1 roll pop pop - } if - pop -- dup /.AGLprocessed~GS //true //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ dup /.AGLprocessed~GS //true .forceput - } if - - %% We need to excute the C .buildfont1 in a stopped context so that, if there -@@ -148,7 +148,7 @@ - {//.buildfont1} stopped - 4 3 roll .setglobal - {//.buildfont1 $error /errorname get signalerror} if -- } bind def -+ } .bind executeonly def % hide .forceput - - % container for CloseSource flag (default //true to prevent buildup of file handles) - /closesourcedict mark --- -2.9.1 - diff --git a/printer/ghostscript/patches/0008-cve-2019-3835-3838.patch b/printer/ghostscript/patches/0008-cve-2019-3835-3838.patch deleted file mode 100644 index f41f591d4c..0000000000 --- a/printer/ghostscript/patches/0008-cve-2019-3835-3838.patch +++ /dev/null @@ -1,162 +0,0 @@ -From d683d1e6450d74619e6277efeebfc222d9a5cb91 Mon Sep 17 00:00:00 2001 -From: Ray Johnston <ray.johnston@artifex.com> -Date: Sun, 24 Feb 2019 22:01:04 -0800 -Subject: [PATCH] Bug 700585: Obliterate "superexec". We don't need it, nor do - any known apps. - -We were under the impression that the Windows driver 'PScript5.dll' used -superexec, but after testing with our extensive suite of PostScript file, -and analysis of the PScript5 "Adobe CoolType ProcSet, it does not appear -that this operator is needed anymore. Get rid of superexec and all of the -references to it, since it is a potential security hole. ---- - Resource/Init/gs_init.ps | 18 ------------------ - psi/icontext.c | 1 - - psi/icstate.h | 1 - - psi/zcontrol.c | 30 ------------------------------ - psi/zdict.c | 6 ++---- - psi/zgeneric.c | 3 +-- - 6 files changed, 3 insertions(+), 56 deletions(-) - -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index 4102d0d..1ca2775 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2563,24 +2563,6 @@ DELAYBIND not { - systemdict /.forceundef .undef % ditto - } if - --% Move superexec to internaldict if superexec is defined. (Level 2 or later) --systemdict /superexec known { -- % restrict superexec to single known use by PScript5.dll -- % We could do this only for SAFER mode, but internaldict and superexec are -- % not very well documented, and we don't want them to be used. -- 1183615869 internaldict /superexec { -- 2 index /Private eq % first check for typical use in PScript5.dll -- 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec -- 1 index 0 get systemdict /put get eq and -- { -- //superexec exec % the only usage we allow -- } { -- /superexec load /invalidaccess signalerror -- } ifelse -- } bind cvx executeonly put -- systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator --} if -- - % Can't remove this one until the last minute :-) - DELAYBIND not { - systemdict /.undef .undef -diff --git a/psi/icontext.c b/psi/icontext.c -index c4110ca..a48d8d8 100644 ---- a/psi/icontext.c -+++ b/psi/icontext.c -@@ -151,7 +151,6 @@ - pcst->rand_state = rand_state_initial; - pcst->usertime_total = 0; - pcst->keep_usertime = false; -- pcst->in_superexec = 0; - pcst->plugin_list = 0; - make_t(&pcst->error_object, t__invalid); - { /* -diff --git a/psi/icstate.h b/psi/icstate.h -index ba207cf..b06ba3f 100644 ---- a/psi/icstate.h -+++ b/psi/icstate.h -@@ -54,7 +54,6 @@ - long usertime_total; /* total accumulated usertime, */ - /* not counting current time if running */ - bool keep_usertime; /* true if context ever executed usertime */ -- int in_superexec; /* # of levels of superexec */ - /* View clipping is handled in the graphics state. */ - ref error_object; /* t__invalid or error object from operator */ - ref userparams; /* t_dictionary */ -diff --git a/psi/zcontrol.c b/psi/zcontrol.c -index e95d39b..8f7f6d0 100644 ---- a/psi/zcontrol.c -+++ b/psi/zcontrol.c -@@ -158,34 +158,6 @@ zexecn(i_ctx_t *i_ctx_p) - return o_push_estack; - } - --/* <obj> superexec - */ --static int end_superexec(i_ctx_t *); --static int --zsuperexec(i_ctx_t *i_ctx_p) --{ -- os_ptr op = osp; -- es_ptr ep; -- -- check_op(1); -- if (!r_has_attr(op, a_executable)) -- return 0; /* literal object just gets pushed back */ -- check_estack(2); -- ep = esp += 3; -- make_mark_estack(ep - 2, es_other, end_superexec); /* error case */ -- make_op_estack(ep - 1, end_superexec); /* normal case */ -- ref_assign(ep, op); -- esfile_check_cache(); -- pop(1); -- i_ctx_p->in_superexec++; -- return o_push_estack; --} --static int --end_superexec(i_ctx_t *i_ctx_p) --{ -- i_ctx_p->in_superexec--; -- return 0; --} -- - /* <array> <executable> .runandhide <obj> */ - /* before executing <executable>, <array> is been removed from */ - /* the operand stack and placed on the execstack with attributes */ -@@ -971,8 +943,6 @@ const op_def zcontrol3_op_defs[] = { - {"0%loop_continue", loop_continue}, - {"0%repeat_continue", repeat_continue}, - {"0%stopped_push", stopped_push}, -- {"1superexec", zsuperexec}, -- {"0%end_superexec", end_superexec}, - {"2.runandhide", zrunandhide}, - {"0%end_runandhide", end_runandhide}, - op_def_end(0) -diff --git a/psi/zdict.c b/psi/zdict.c -index 33be181..48fcc00 100644 ---- a/psi/zdict.c -+++ b/psi/zdict.c -@@ -212,8 +212,7 @@ zundef(i_ctx_t *i_ctx_p) - int code; - - check_type(*op1, t_dictionary); -- if (i_ctx_p->in_superexec == 0) -- check_dict_write(*op1); -+ check_dict_write(*op1); - code = idict_undef(op1, op); - if (code < 0 && code != gs_error_undefined) /* ignore undefined error */ - return code; -@@ -504,8 +503,7 @@ zsetmaxlength(i_ctx_t *i_ctx_p) - int code; - - check_type(*op1, t_dictionary); -- if (i_ctx_p->in_superexec == 0) -- check_dict_write(*op1); -+ check_dict_write(*op1); - check_type(*op, t_integer); - if (op->value.intval < 0) - return_error(gs_error_rangecheck); -diff --git a/psi/zgeneric.c b/psi/zgeneric.c -index 43c4bc4..3a5e398 100644 ---- a/psi/zgeneric.c -+++ b/psi/zgeneric.c -@@ -204,8 +204,7 @@ zput(i_ctx_t *i_ctx_p) - - switch (r_type(op2)) { - case t_dictionary: -- if (i_ctx_p->in_superexec == 0) -- check_dict_write(*op2); -+ check_dict_write(*op2); - { - int code = idict_put(op2, op1, op); - --- -2.9.1 - |